path: root/src/plugins/tlspicotls
Age | Commit message | Author | Files | Lines
2024-09-26 | tls: cleanup engine hs cb and improve ctx formatting | Florin Coras | 1 | -12/+3
Handshake completion is now tracked via a ctx flag so we no longer need ctx_handshake_is_over. Also, as we no longer prealloc application sessions, improve ctx state formatting. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If48588ecde13e56fb99d1a46238bda53ed4eae1b
2024-03-20 | tls: avoid app session preallocation | Florin Coras | 1 | -1/+0
Since async rx event infra decouples notification event generation from delivery we no longer run the risk of having tls realloc session pools while session layer still holds a pointer to the accepted/connected tcp session. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1bb429a058707aba1d4f32ea33615a2367e66969
2024-03-18 | tls: handle attempts to renegotiate hs | Florin Coras | 1 | -0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
2024-03-12 | misc: remove GNU Indent directives | Damjan Marion | 1 | -4/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-27 | tls: pass reset ntf to engines | Florin Coras | 1 | -0/+17
Type: improvement Change-Id: Ie042605e50656229874b7a93638f0f04c894410f Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-31 | tls: convert ctx fields to connection flags | Florin Coras | 1 | -3/+3
Type: refactor Change-Id: I527bbc1cf2e7b6d06fd0c88b7563fb59ed28bc40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-19 | build: disable plugins which require openssl if openssl is not available | Damjan Marion | 1 | -0/+5
Type: improvement Change-Id: I4591fcb31dd28d1771b3d6e5afdaa14f29efe6ef Signed-off-by: Damjan Marion <damarion@cisco.com>
2023-10-08 | tls: propagate reads to app irrespective of state | Florin Coras | 1 | -1/+1
Session input node handles rx notifications even if session not fully accepted/connected Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6560c45db8f8e0b7f0dc3bdd0939f13ca2f43f15
2022-12-02 | quic: update to quicly v0.1.4 | Dave Wallace | 2 | -1/+8
Type: improvement Change-Id: I707399b8ba617a659476bfd7d793f04a1283e694 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2022-11-18 | tls: memory leak due to missing call to vnet_crypto_key_del | Steven Luong | 1 | -1/+6
We add the crypto key to the vnet crypto library via vnet_crypto_key_add. However, when the session is disconnected, we don't call vnet_crypto_key_del and the memory is leaked in vnet_crypto library as well as in pico tls key store. It seems dispose crypto is the appropriate place to add vnet_crypto_key_del. Type: fix Signed-off-by: Steven Luong <sluong@cisco.com> Change-Id: If6d1266baf686fefe5bb81330ce60b35c8ff574e
2022-10-31 | tls: use safe pool reallocs | Florin Coras | 1 | -2/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
2022-03-30 | tls: support to reinitialise ca_chain wo restart | Saravanan Murugesan | 1 | -0/+8
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-01-19 | svm: update number of segments in svm_fifo_segments | Florin Coras | 1 | -6/+6
In addition to returning the number of bytes also update the number of segments to reflect the number used. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia87dc2aa62cea38b18dfa83df94dc2abe29d5121
2021-08-10 | tls: picotls optimize rx path | Florin Coras | 1 | -69/+113
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0dfa8d60739bc781c37e0d8fced8280b9af93367
2021-08-10 | tls: picotls optimize writes | Florin Coras | 2 | -113/+188
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I76a1cd516849cfe5bc87ed2b3707c6f2257126d2
2021-08-06 | tls: avoid picotls buffer allocs on rx | Florin Coras | 2 | -3/+9
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6cf0c141ab4a4f5a46feb6119fa142148366f0a6
2021-08-06 | tls: avoid ptls ctx free on transport close | Florin Coras | 1 | -2/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0537fa590b11abddf05550e42c7258549729f8a7
2021-08-03 | tls: picotls handle accept failures | Florin Coras | 1 | -3/+15
Should also fix coverity warning. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I068b837377b329a22ace5b2235c6dd9f067ead77
2021-07-30 | tls: picotls rx fixes and improvements | Florin Coras | 2 | -149/+126
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9ea41b8b271e9123e676acdc581ef429072fe843
2021-06-07 | tls: change picotls plugin crypto module to accommodate new version picotls | Simon Zhang | 2 | -3/+3
Type: fix Change-Id: I58931e235535be7d596ca578790f389b64a4fbd2 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2021-04-30 | build: declare some CMake variables as advanced | Damjan Marion | 1 | -4/+4
Type: make Change-Id: I780c1c81a50cb92bc89c05856efd8ef88479c0ab Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-04-22 | tls: tlspicotls require version when building | Nathan Skrzypczak | 1 | -3/+19
Type: fix When building the tlspicotls plugin, we rely on vpp-ext-deps having installed quicly & picotls. We add a dependency on the version installed thus ensuring that people with older vpp-ext-deps version installed don't have their build fail. This has the drawback that picotls doesn't have its own versioning scheme Change-Id: I9e2ccfc00b3c37af2bc2483a791eb05f994dd4a4 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-04-22 | quic: update quicly to v0.1.3 | Mathias Raoul | 1 | -6/+15
This bumps quicly version to v0.1.3 (sha d44c089364067dbcdfbad7fb2c821900fb4aef5e in https://github.com/h2o/quicly) Also simplifies the build to only make needed dependencies, and silence compile-time warnings Type: feature Change-Id: Ie00ec7e408d234464871b68ddc79bb33dc4179ed Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-01-22 | quic: quicly v0.1.2 update | Mathias Raoul | 1 | -15/+22
- update quic plugin with new quicly/picotls API - remove packet allocator - remove crypto batching - update picotls plugin - add cli for quicly congestion control configuration Type: feature Change-Id: If76ef31c43b430eea2f7674539b2112aee0f351e Signed-off-by: Mathias Raoul <mathias.raoul@gmail.com>
2021-01-18 | tls: make picotls engine able to initial connection as client | Simon Zhang | 2 | -16/+74
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Idd14dc11e92e0851c64f83e280b52f12e32ae48d
2020-12-04 | tls: allow picotls to use secp elliptic curves | Vladimir Medvedkin | 1 | -3/+3
Fix typos in macros for elliptic curves over prime field. Type: fix Fixes: f83194c2f4 Signed-off-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> Change-Id: I657a7feaf1d1fdf3f2ca74fb3787977c65891a20
2020-11-04 | tls: fix picotls engine crypto multi-thread issue | Simon Zhang | 3 | -4/+13
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Ib454ccae5a81f91a744db82b72c7f1fcb29aa0cc
2020-04-28 | tls: fix wrong usage of session close function issue | Simon Zhang | 1 | -1/+1
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I5a73e45e5b8a6a97c068e1ca108d8f8a2c1c0f90
2020-04-20 | tls: fix Picotls tx hang issue | Simon Zhang | 1 | -2/+2
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Id84fbe412c99b39a0754b892ca971dd3e4434264
2020-04-11 | tls: make ctx_write function return the length of enqueue | Simon Zhang | 1 | -1/+1
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Ia8656fe2c48799e53c1b2c064009848ad3457659
2020-04-09 | tls: adopt picotls engine to new session scheduling mechanism | Simon Zhang | 1 | -2/+2
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I58fea0474e293d5e6a029e0dccd4a24b07b76a90
2020-04-04 | session tls: support tls descheduling | Florin Coras | 1 | -2/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
2020-04-04 | session tls: improve app transports tx scheduling | Florin Coras | 1 | -3/+5
Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
2020-03-16 | tls: refactor Picotls ctx_read function to reduce one time memory copy | Simon Zhang | 2 | -57/+50
Type: refactor Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I7a952fd95e49468a0d1c763b3e289648c93539da
2020-03-13 | tls: small refactor for Picotls engine ctx_write function | Simon Zhang | 2 | -22/+23
Type: refactor Change-Id: I761fc764e6771dc95eb64614479c27fd44016690 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-03-07 | tls: refactor ctx_write function to avoid allocate new memory every time | Simon Zhang | 2 | -14/+46
Type: refactor Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Ic34729d58a4218046afacaffc765649beb056a24
2020-02-26 | tls: fix picotls dbg | Florin Coras | 1 | -1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5ca8aee973776e73f1376b6be538785398ba9b3d
2020-02-18 | tls: Picotls engine symmetric crypto enhancement by vpp crypto framework | Simon Zhang | 4 | -1/+373
Type: feature Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I1d4fe75e5faf3fa2086d11020828345b173ebd03
2020-02-15 | tls: Fix Picotls ctx_read rx_content issue | Simon Zhang | 1 | -18/+21
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I19cdd2055ea494fc36628b4a94fc56742c1d1a8a Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-02-11 | tls: refactor picotls ctx_read process to improve CPS | Simon Zhang | 2 | -58/+55
Type: refactor Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: I2bb675b4df3c4151f4b0791efcfe05b1d0f87a33 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
2020-01-15 | tls: add picotls session close process | Simon Zhang | 1 | -1/+10
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: If0a1691c1435f2826c8c83f8bc52e4cd3ecc6256
2019-11-12 | tls: fix picotls coverity warnings | Florin Coras | 1 | -13/+13
Type: fix Change-Id: Ib5c9de9c9053b8339f514ff648a75c3b56b55215 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-10 | tls: picotls engine basic enabling for TLS | Simon Zhang | 5 | -0/+878
Type: feature Change-Id: I700d999771d837604dd0571741f4f0bcbec82403 Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>